First, let me articulate, I am not an expert in digital forensics. So warning… if you are an expert you may want to move on to the next article. This article is for fellow interns, aspiring private investigators, the computer challenged, or just to my fellow knowledge thirsty nerds.

It is no surprise that digital forensics is growing so fast. The world of cyber-crime is one of the world’s largest, growing crimes, costing an estimated $220 billion loss to businesses and individuals every year. Because digital forensics is a new and exploding discipline, it is important to understand the very basics of digital forensics and stay abreast of the evolving field.

Think about it, we use computers for just about everything…work, play, research, learn, communicate and making business transactions. With that comes unwanted criminal activity; individuals using computers to commit, enable and support unwanted activities on our networks and internet, ultimately affecting individuals, organizations and assets. Law enforcement and forensic investigators are being inundated with cases involving computer crime and electronic evidence.

Some of the typical types of cases involving computer crimes would include the following:

The Digital Forensic Research Workshop (DFRWS) defines digital forensics as “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.”

The forensic analysis of a computer’s data should of course always be performed by a qualified and certified Computer Forensic Analyst. You can find these individuals, on some of the following web sites:

In your search for a digital forensics expert make sure you do the following:

Verify his/her credentials

Get a copy of their resume

Make sure they will make a good expert witness

Have them explain the digital forensics process

Verify their understanding their knowledge of the chain of evidence. There are laws, and legal processes that must be abided by. They should know and understand the Federal Rules of Evidence.

Just because someone works in computers, does not make them trained in digital forensics.

The Process: How do they do it?

In my research I found that the digital forensic specialist should have a road map to conduct a thorough investigation. Each case is always different of course so the process may vary time to time. Some of the steps of a digital investigation will include:

Initial consultation – the specialist should understand the scope and goals of the case.

Collection of evidence – it is important the specialist follows the Federal Rules of Evidence

Conduction imaging of the data

Verifying the authenticity and integrity of the data

Analysis by a certified forensic analysis of the data, without altering the content of the data

Documenting and reporting all findings in the examination

Returning the computer

Securing the evidence is crucial!

The standards of admissible evidence should be followed. When the evidence is secured by the forensic specialist it is important that safeguards are taken to secure and collect the evidence that will not alter the evidence. As I stated before, the evidence should be obtained by a trained professional.

Some examples of digital evidence that is collected in these types of investigations are:

Address books

E-mail

Pictures/graphics

Digital Calendars

Favorites and bookmarks

Cookies

Event logs

Hidden and system files

Temporary internet files

Histories and internet activity

Database files, documents and text files

For a much more detailed description and overview of forensics investigation, check out

L. Scott Harrell is the managing principal of CompassPoint Investigations, a thriving private investigation agency based in Pensacola, Florida, as well as the digital marketing and competitive intelligence consultancy, Broadside Incorporated.